Application Security Engineer

Introduction

Strike is the Bitcoin company. With Strike, you can buy and sell bitcoin, pay bills, and borrow against your holdings. From individuals to businesses, Strike is purpose-built for every step of the Bitcoin journey. Available in more than 100 countries — including the U.S., Europe, Latin America, and Africa — Strike is building a better financial system powered by Bitcoin. Bitcoin is better money. Strike is how you use it.

Role

We are seeking an Application Security Engineer to act as the essential bridge between our security and engineering teams. This role was initiated to ensure security is deeply integrated into our engineering processes. You will be working with both the Security and Engineering teams, serving as an "engineering first" advocate who brings adversarial thinking to our development lifecycle. Security is not a final checkpoint but a foundational part in how we build. The role reports into the Strike CISO. This position is open to candidates based in the US or Europe.

Key Responsibilities

• Cross-Team Collaboration & Oversight: Function as a normal part of the engineering team by participating in new Request for Comments (RFCs), Product Requirements Documents (PRDs), code reviews, and project planning meetings.
• Adversarial and Threat Analysis: Provide deep security probing and adversarial thinking on features with clear security implications, such as identity servers and authentication endpoints.
• Vulnerability Management: Take ownership of vulnerabilities found specifically in code, ensuring they are properly assessed and mitigated.
• Infrastructure & Tooling Management: Take ownership for Cloudflare controls, managing and constructing ingress Web application Firewall rules. Additionally, utilize code analysis tools to integrate security directly into our development processes.
• SIEM System Uplift: Create incident response workflows, alerting rules, and drive general improvements within our Security Information and Event Management (SIEM) system.
• Security Process Building: Define ownership, build scalable security capabilities, and collaborate across teams to empower other engineers to execute security tasks, rather than acting as a single point of failure.

Required Qualifications & Experience

• Engineering Background: Proven experience in pure development and coding.
• Google Cloud Platform and Kubernetes: Experience with deploying, designing and managing GCP services.